Vendor Management

Getting Value From Managed Security Services Providers

BlueScope Steel's Catherine Buhler Offers Real-World Insights
Catherine Buhler, CISO, BlueScope Steel

Organizations rely on a variety of outside firms to deliver security services. But how can they get the most value? Catherine Buhler of BlueScope Steel shares how she challenges managed security services providers.

See Also: How to Scale Your Vendor Risk Management Program

In an interview at Information Security Media Group's recent Sydney Fraud and Breach Prevention Summit, Buhler also discusses:

  • The differences in security practices in the telecommunications and manufacturing industries;
  • The most useful kind of threat intelligence; and
  • How to get MSSPs to match your own risk framework.

Buhler is CISO of BlueScope Steel, which is the world's third-largest producer of coated and painted steel products. She previously worked for Telstra in roles including national security manager and security audit compliance manager. She's also spent time in senior information security roles with ANZ Bank, Australia Post, IAG and GE Capital.


About the Author

Jeremy Kirk

Jeremy Kirk

Managing Editor, Security and Technology, ISMG

Jeremy Kirk is a veteran journalist who has reported from more than a dozen countries. Based in Sydney, he is Managing Editor for Security and Technology for Information Security Media Group. Prior to ISMG, he worked from London and Sydney covering computer security and privacy for International Data Group. Further back, he covered military affairs from Seoul, South Korea, and general assignment news for his hometown paper in Illinois.




Around the Network